IT'S TRUE - Win95 Net Browsing causes DNS lookups

[John Coutts]

This is a property of Windows 9x (don't know about 2000), and it has caused me 
some grief in the past as well. We had one of our sub networks infected with 
the <network.vbs> virus. The sub network clients were not running WINS or DHCP, 
and had our domain name listed in the network setup. The virus would try to map 
random IP addresses. When it could not find it on the local network, it sent a 
query to the primary DNS. When the primary sent a neagative response, it would 
then tack on the domain name and try again. Then it would do the same thing for 
secondary DNS. The second request to the secondary would end up coming back to 
the primary because the domain name had been tacked on.

It is my understanding that Microsoft intends to phase out WINS (which never 
worked that well anyway) and replace it with DNS lookup. Given the way that 
Windows currently behaves, that would not be difficult at all.

J.A. Coutts
Systems Engineer
Edsonet/TravPro
**************** SEPARATER *****************
In article <C35B937D60C8D3119E4400508B0CBBDA92B483 at hacnte02.ep.hess.com>, 
gbordelon at hess.com says...
>
>I have a question about your workstations performing the queries.
>
>In the > control panel > network > TCP/Protocol > properties > WINS tab, do
>you have "enable DNS for Windows resloution" turned on?? 
>
>-----Original Message-----
>From: Lee Howard [mailto:faxguy at server.deanox.com]
>Sent: Sunday, June 04, 2000 1:37 AM
>To: bind-users at isc.org
>Subject: IT'S TRUE - Win95 Net Browsing causes DNS lookups
>
>
>This seems sooooo wrong to me.  My understanding of Microsoft Networking
>was that the "Network Identification Computer Name" had nothing to do with
>the DNS host name of a system.  In fact, they're distinctly different
>fields in the network configuration utility.
>
>However, (try this at home folks its lots of fun)... if you:
>1) have a LAN with Windows 95/98 machines with DNS enabled in TCP/IP
>properties
>2) have root access to your DNS server
>3) open Network Neighborhood on one Win9x system so that you can see the
>others
>4) turn off one of those other systems (let's call it's NetID Computer Name
>SECRETARY)
>5) turn on querylog on the DNS server
>6) double-click SECRETARY on your Win9x system
>7) watch things spin for a second and then see Win9x complain that
>SECRETARY is down
>8) turn off querylog on the DNS server (let's avoid an undue amount of
>logging here)
>9) take a look at those logs on the DNS server
>10) you will see queries for SECRETARY.domain.com coming from your Win9x
>box.
>
>I have confirmed this behavior with Windows 95C and Windows 98SE, and I
>have confirmed that Windows 2000 Pro does *not* do this.
>
>This is horrible, if you ask me.  That's like looking in a phone book for
>"Buba" Martinez when his real name is Eduardo.  Yeah, you might get lucky,
>but as long as the names come from two different places, the chances of
>them being distinctly different is grave.  It *really* stinks because if
>you don't control your DNS and your domain DNS is controlled by a dingbat
>who has got lame servers and poor named configuration things you have to
>wait even longer for an error reply back... and this problem can get
>*quite* compounded (believe me) if you're using a proxy server as *your*
>DNS that is using the same domain name as the lame servers.  I've had this
>problem take drop a proxy server of mine for 1/2 hour as it fought over the
>problem before it finally timed-out.
>
>Does anybody know *why* this happens?  Not like we can fix Microsoft's boo
>boos any... (or can we?)
>See my test logs below...
>
>Lee Howard
>
>Jun  3 23:57:16 server named[3687]: XX+/209.197.23.237/LINK.deanox.com/A/IN
>(this is from a Win95C system)
>Jun  3 23:58:10 server named[3687]: XX+/209.197.23.195/LINK.deanox.com/A/IN
>(this is from a Win98SE system)
>
>
>
>
>